Lawyer sues Soko Loans for alleged data privacy breach, unsolicited messages and seeks N100m compensation
A lawyer, Olumide Babalola, sued Soko Lending Company Limited, also known as Soko Loans, for alleged invasion of privacy, among other reasons.
Babalola filed a complaint in the Lagos State High Court, Lagos, accusing the loan company of sending him unsolicited messages and defamation.
He is also seeking compensation of N100 million in damages for breach of his privacy.
In the Complaint filed at the Registry of the Court, the Counsel seeks a declaration “that under Section 2.2 of the Nigerian Data Protection Regulations 2019, the Respondent has no lawful basis to process (collect , store and/or use) the Applicant’s personal data (in particular their name and telephone number) to send the Applicant unsolicited and offensive WhatsApp messages and thereby interfere with the Applicant’s right to privacy guaranteed by the Section 37 of the Constitution of the Federal Republic of Nigeria, 1999 (as amended)
“Perpetual injunction prohibiting defendant from further processing (storing and using) plaintiff’s name and phone number without legal basis. Damages in the amount of 100,000,000 naira (one hundred million naira). »
It also asks the court to determine “whether or not by the interpretation of Section 2.2 of the Nigerian Data Protection Regulations 2019, the Respondent’s processing (i.e. collection, use and storage) of the Applicant’s personal data (in particular his name and telephone number) to send him unsolicited and offensive messages without any of the legal bases interfering with the Applicant’s right to guaranteed privacy by Section 37 of the Constitution of the Federal Republic of Nigeria, 1999 (as amended)?
“Whether or not this court finds that the defendant breached the plaintiff’s right to privacy, the plaintiff is entitled to damages without necessarily proving monetary loss.”
The lawsuit, seen by SaharaReporters, further read: “I do not maintain an account with Respondent and have never conducted any business with Respondent allowing them to harvest, store or use my name. or my phone number for business or miscellaneous purposes(s). I never consented to the respondent’s use of my personal information for any reason.
“In December 2021, the respondent sent me a random WhatsApp message on my phone line 08183645995 informing me of someone’s debt and that I should prevail over the person to repay. I thought that it was a mistake and I ignored the message since I didn’t even know the person.
“On 31st January 2022 Respondent’s employee named ‘Jide’ with phone number 07035005483 sent me another WhatsApp message on my phone number 08183645995 informing me that another person is indebted to them and that ‘she acted like a criminal and that I should help them advise the responsible person Attached and marked Exhibit 2 are the screenshots of the messages.
“I asked the respondent’s employee – Jide – for the identity of the company owed and he replied “Soko Lending RichLoan” and he provided the account details for the repayment. The attachment and marked Exhibit 3 is the screenshot of the confirmation Again, I asked Jide how and where his company – the respondent got my personal information, but he refused to disclose it.
“As I never had a business relationship with the Respondent, I became uncomfortable and troubled that the Respondent’s employee (Jide) could invade my private space and stalk me with text messages. in their debt collection offer, which has nothing to do with me. Nor did I request a loan on behalf of a third party from the respondent or guarantee a loan obtained from him.
“The Respondent’s policy does not provide information about third parties with whom it shares personal data of individuals. The policy does not specify remedies for breaches of privacy. Contrary to the police confidentiality clause, in the text message she sent me, the respondent disclosed the identity of the debt and its guarantor as well as the amount owed. The policy does not provide clear information on the profiling it performs.
“The Respondent’s policy does not specify how its customer contacts consented to the use of personal information (specifically their phone numbers) collected from their customers’ devices. Respondent’s policy only states that in the event of a default, it will contact the “contact” disclosed by customers, but not all phone numbers stored on customers’ devices. There is no information about the data protection officer (DPO) of the respondent who is supposed to answer data protection questions.
“I have found the Respondent’s unsolicited message to be an invasion of my privacy and a breach of applicable data protection laws in Nigeria. From the foregoing details, I strongly believe that: My right privacy was violated by the Respondent when my personal data collected from its customers’ device was used to send me unsolicited and offensive messages.
“I find it uncomfortable and traumatic every time I remember that my phone number is stored by the respondent and used for business purposes. I suffered enormous mental and psychological discomfort and inconvenience because of the Respondent’s act. Thoughts of my sensitive personal information in the hands of a third party put me in a constant state of psychological and mental stress for fear of the unknown.
“I have suffered psychological and mental loss and trauma as I constantly feel a sense of irritation that a third party with whom I have had no dealings could send me unsolicited messages solely for their own business gain. Based on all of the details provided in the preceding paragraphs of this affidavit, I believe the following facts: Respondent does not have verifiable organizational policies in place that assist it in respecting privacy and ensuring appropriate data protection policies as required by the Nigerian Data Protection Regulations 2019. Respondent is required to demonstrate the strictest.If Respondent had an organizational policy for securing and protecting data personal data, he would not have sent me such an unsolicited message.”